Notices by Soatok Dreamseeker (soatok@furry.engineer)

Years of being around folks in open relationships has rendered me immune to like 99% of drama.

"What would you do if you had a boyfriend and caught him in bed with another man?" -> "idk, put on a pot of coffee?"

@mkj @AliCatAD I should add some JavaScript that includes that if the document.referrer includes ycombinator.com in the string

@phryk This is always the funniest and dumbest cycle:

1. I write something on my furry blog.
2. Someone else submits it to Hacker news.
3. Someone complains about the furry art on my furry blog.

Oops.

Hacker News and its vaunted "meritocracy", folks:

(Before anyone complains about the goatse with incorrect numbers of fingers: The other obvious parody of OpenAI's logo is a hate symbol and I didn't want to go with that.)

Tech Companies Apparently Do Not Understand Why We Dislike AI

It's becoming increasingly apparent that one of the reasons why tech companies are so enthusiastic about shoving AI into every product and service is that they fundamentally do not understand why people dislike AI. I will elaborate. I was recently made aware of the Jetbrains developer ecosystem survey, which included a lot of questions about AI. After I answered some of them negatively (and possibly…

http://soatok.blog/2025/05/04/tech-companies-apparently-do-not-understand-why-we-dislike-ai/

It would be a real shame if thousands of people submitted totally legitimate incidents concerning Texas public schools for these Republican losers to sift through.

https://defendinged.org/join-the-movement/report-an-incident/

Context: https://ghostarchive.org/archive/XLPho || https://archive.ph/pIZy5

Whatever you do, do not crapflood them, troll them, or satirize them.

Choose cryptography, where you can have to explain tautology like "the empty string is the prefix to every string" to computer science majors that don't understand domain separation.

@dascandy If I were a betting dhole, I'd put my money on "law enforcement"

@dascandy Another prospect that was raised: "developed by AI"

None of this is particularly interesting. Lots of people ship god awful cryptography.

The really interesting thing is how they try to market this pile of shit.

I'm not going to bother digging further to see how keys are managed.

For all I know, the cipher mode is smoke and mirrors and everyone is using the same hard-coded AES key somewhere to encrypt their chats.

When you consider how it's marketed, the features they emphasize, the fact that it's not open source, and the low quality review they're trying to pass off as an "audit", this thing is either a textbook example of developer hubris or it's another law enforcement sting operation.

Their vaunted "cyber security audit" from Dekra is just a checklist exercise against the OWASP Top 10.

So, right off the bat: "Military-Grade AES-256 Encryption" is a red flag. Nobody in the privacy or security space sees "military-grade" as a good thing.

If you scroll through their feature list, you'll notice a few things:

1. It's not open source.
2. Decoy PINs that expose a second, innocuous profile
3. Optional feature: Entering your PIN backwards nukes your account
4. An unhealthy emphasis on message erasure--including on other peoples' devices

This sounds very familiar, doesn't it?

This is basically a clone of EncroChat!

Since it's all React.JS, I did the lazy thing: Looked in the assets directory for JavaScript files.

Success: assets/threads/Threads/encrypt.bundle and assets/threads/Threads/decrypt.bundle.

Unfortunately, this is just crypto-browserify and some other React libraries webpacked together.

It's full of side-channels and it's not clear which components are relevant.

Like, their ghash implementation (used by AES-GCM, which their decrypter uses) uses the && operation after comparing each bit of the state against 0, which short-circuits the right hand side. This introduces a timing side-channel that loudly exposes the entire GHASH state at any given point of time.

They also implemented AES with S-boxes in pure JavaScript (no bitslicing), which adds a cache-timing leak. Yay.

Their PKCS7 padding removal step for AES-CBC (which appears to be used for key-wrapping) also maximizes the timing leakage.

Suffice to say, the only cryptographic primitives I can find in their app are not recommended.

Earlier, when I thought I had enough motivation to blog about it, I decided to reverse engineer their APK.

It turns out, there's no actual cryptography code in the .dex files. (p5 and t5 only contained file extension metadata.)

There's a lot of React code, though.

Let's talk about xPal, which purports to be an encrypted messaging app. https://xpal.com

Anyone that reads my blog probably already knows where this is going.

If this post accidentally reaches escape velocity and people that don't know me find it: Hi, I'm a furry cryptography nerd. Usually when I talk about so-called private apps, it's to disclose vulnerabilities in them.

(Today, I just don't have the damn energy to do a formal write-up.)

Let's start with how they market their app.

@j91321 https://www.youtube.com/watch?v=rRbY3TMUcgQ came to my mind when I saw the headline

Just remember: as annoying as some fedi users are, so many people are worse.